CustomValidationRule.php
2 months ago
DisableIntrospection.php
2 months ago
ExecutableDefinitions.php
2 months ago
FieldsOnCorrectType.php
2 months ago
FragmentsOnCompositeTypes.php
2 months ago
KnownArgumentNames.php
2 months ago
KnownArgumentNamesOnDirectives.php
2 months ago
KnownDirectives.php
2 months ago
KnownFragmentNames.php
2 months ago
KnownTypeNames.php
2 months ago
LoneAnonymousOperation.php
2 months ago
LoneSchemaDefinition.php
2 months ago
NoFragmentCycles.php
2 months ago
NoUndefinedVariables.php
2 months ago
NoUnusedFragments.php
2 months ago
NoUnusedVariables.php
2 months ago
OneOfInputObjectsRule.php
2 months ago
OverlappingFieldsCanBeMerged.php
2 months ago
PossibleFragmentSpreads.php
2 months ago
PossibleTypeExtensions.php
2 months ago
ProvidedRequiredArguments.php
2 months ago
ProvidedRequiredArgumentsOnDirectives.php
2 months ago
QueryComplexity.php
2 months ago
QueryDepth.php
2 months ago
QuerySecurityRule.php
2 months ago
ScalarLeafs.php
2 months ago
SingleFieldSubscription.php
2 months ago
UniqueArgumentDefinitionNames.php
2 months ago
UniqueArgumentNames.php
2 months ago
UniqueDirectiveNames.php
2 months ago
UniqueDirectivesPerLocation.php
2 months ago
UniqueEnumValueNames.php
2 months ago
UniqueFieldDefinitionNames.php
2 months ago
UniqueFragmentNames.php
2 months ago
UniqueInputFieldNames.php
2 months ago
UniqueOperationNames.php
2 months ago
UniqueOperationTypes.php
2 months ago
UniqueTypeNames.php
2 months ago
UniqueVariableNames.php
2 months ago
ValidationRule.php
2 months ago
ValuesOfCorrectType.php
2 months ago
VariablesAreInputTypes.php
2 months ago
VariablesInAllowedPosition.php
2 months ago
DisableIntrospection.php
55 lines
| 1 | <?php declare(strict_types=1); |
| 2 | |
| 3 | namespace Automattic\WooCommerce\Vendor\GraphQL\Validator\Rules; |
| 4 | |
| 5 | use Automattic\WooCommerce\Vendor\GraphQL\Error\Error; |
| 6 | use Automattic\WooCommerce\Vendor\GraphQL\Language\AST\FieldNode; |
| 7 | use Automattic\WooCommerce\Vendor\GraphQL\Language\AST\NodeKind; |
| 8 | use Automattic\WooCommerce\Vendor\GraphQL\Validator\QueryValidationContext; |
| 9 | |
| 10 | class DisableIntrospection extends QuerySecurityRule |
| 11 | { |
| 12 | public const ENABLED = 1; |
| 13 | |
| 14 | protected int $isEnabled; |
| 15 | |
| 16 | public function __construct(int $enabled) |
| 17 | { |
| 18 | $this->setEnabled($enabled); |
| 19 | } |
| 20 | |
| 21 | public function setEnabled(int $enabled): void |
| 22 | { |
| 23 | $this->isEnabled = $enabled; |
| 24 | } |
| 25 | |
| 26 | public function getVisitor(QueryValidationContext $context): array |
| 27 | { |
| 28 | return $this->invokeIfNeeded( |
| 29 | $context, |
| 30 | [ |
| 31 | NodeKind::FIELD => static function (FieldNode $node) use ($context): void { |
| 32 | if ($node->name->value !== '__type' && $node->name->value !== '__schema') { |
| 33 | return; |
| 34 | } |
| 35 | |
| 36 | $context->reportError(new Error( |
| 37 | static::introspectionDisabledMessage(), |
| 38 | [$node] |
| 39 | )); |
| 40 | }, |
| 41 | ] |
| 42 | ); |
| 43 | } |
| 44 | |
| 45 | public static function introspectionDisabledMessage(): string |
| 46 | { |
| 47 | return 'Automattic\WooCommerce\Vendor\GraphQL introspection is not allowed, but the query contained __schema or __type'; |
| 48 | } |
| 49 | |
| 50 | protected function isEnabled(): bool |
| 51 | { |
| 52 | return $this->isEnabled !== self::DISABLED; |
| 53 | } |
| 54 | } |
| 55 |